header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Claroline Open Source e-Learning 1.7.5 Remote File Include

The file claroline/auth/extauth/drivers/ldap.inc.php uses the variable clarolineRepositorySys in a include() function without being declared. There are other files vulnerable in the same folder, this exploit only attacks ldap.inc.php. There is other vulnerable file claroline/auth/extauth/casProcess.inc.php it uses the claro_CasLibPath in a include function but this is not being declared either, so pwnt, RFI.

FIBARO System Home Center 5.021 – Remote File Include

The smart home solution is vulnerable to a remote Cross-Site Scripting triggered via a Remote File Inclusion issue by including arbitrary client-side dynamic scripts (JavaScript, VBScript) due to the undocumented proxy API and its url GET parameter. This allows hijacking the current session of the user or changing the look of the page by changing the HTML.

Recent Exploits: